‘Good system integration prevents cyber attacks on rail’

Marc Antoni of UIC

With the introduction of new rail systems such as the European Rail Traffic Management System (ERTMS) and Automatic Train Operation (ATO), it is important that the interfaces are well integrated with the whole rail system. Taking account of this in the design prevents, for example, gaps appearing in cyber security, explained Marc Antoni, Rail Department Manager at UIC during the RailTech Europe 2017 conference.

Currently, the rail safety system ERTMS is being rolled out on a large scale across Europe. In addition, various rail businesses are carrying out, or preparing to carry out, tests with self-driving trains. ATO is a system that makes this possible.

Design choices

According to Antoni, the design choices that are now being taken for the new systems will determine future rail safety, internet security and rail maintenance. Therefore he believes it is important that the teams within rail businesses that are working on asset management, rail safety and cyber security cooperate from an early stage. “The battle could be won or lost in the first design phase.”

“If the systems that must be integrated with each other are complex, then you can forget about having good safety or internet security. Complex systems are difficult to fully test. Someone who manages to get a code to hack a system will win. In this digital era, we are coming up against a new paradigm.”

‘Black swan’

“Firstly, the rail sector must formalise the requirements and define an interface. That is the only way to retain control of the system,” the rail expert explained. If not, the sector will have to deal with the ‘black swan’, which is an occurrence that comes as a surprise and has an enormous effect. For Antoni, the black swan is a complex rail system that cannot be tested, has poor internet security and track safety, and cannot be used to implement asset management.

“The best thing is to kill off the black swan in the egg,” stated Antoni. “Otherwise the rail sector will have to tackle vendor lock-in, obsolescence [shortage of track elements] and cyber attacks. There must always be a system to fall back on, and the security must be fully comprehensive.”

Prevent rail accidents

So the rail sector has to define what is not acceptable. “We must ensure that things that cannot be accepted, such as gaps in internet security, are excluded at the design stage. Black boxes are also unacceptable.” By doing this, asserted Antoni, accidents on the track can be prevented. “If we do not think about the future it will be costly, not only in monetary terms, but possibly also in people’s lives.”

Asset managers need to “be responsible for performance on the track, internet security, operations and the costs of track maintenance,” to ensure that the rail systems are constructed in a modular way. This makes it possible to correctly establish the extent of wear and tear, in order to improve track maintenance and to ensure that all interfaces from the diverse rail systems are integrated with one another.

If the rail systems are already constructed and tested in a modular way prior to introduction, it is easier to install and test these systems, concluded Antoni.

You just read one of our premium articles free of charge

Want full access? Take advantage of our exclusive offer

See the offer

Author: Marieke van Gompel

Marieke van Gompel is editor of RailFreight.com and chief editor of the ProMedia Group online magazines.

Add your comment

characters remaining.

Log in through one of the following social media partners to comment.

‘Good system integration prevents cyber attacks on rail’ | RailFreight.com

‘Good system integration prevents cyber attacks on rail’

Marc Antoni of UIC

With the introduction of new rail systems such as the European Rail Traffic Management System (ERTMS) and Automatic Train Operation (ATO), it is important that the interfaces are well integrated with the whole rail system. Taking account of this in the design prevents, for example, gaps appearing in cyber security, explained Marc Antoni, Rail Department Manager at UIC during the RailTech Europe 2017 conference.

Currently, the rail safety system ERTMS is being rolled out on a large scale across Europe. In addition, various rail businesses are carrying out, or preparing to carry out, tests with self-driving trains. ATO is a system that makes this possible.

Design choices

According to Antoni, the design choices that are now being taken for the new systems will determine future rail safety, internet security and rail maintenance. Therefore he believes it is important that the teams within rail businesses that are working on asset management, rail safety and cyber security cooperate from an early stage. “The battle could be won or lost in the first design phase.”

“If the systems that must be integrated with each other are complex, then you can forget about having good safety or internet security. Complex systems are difficult to fully test. Someone who manages to get a code to hack a system will win. In this digital era, we are coming up against a new paradigm.”

‘Black swan’

“Firstly, the rail sector must formalise the requirements and define an interface. That is the only way to retain control of the system,” the rail expert explained. If not, the sector will have to deal with the ‘black swan’, which is an occurrence that comes as a surprise and has an enormous effect. For Antoni, the black swan is a complex rail system that cannot be tested, has poor internet security and track safety, and cannot be used to implement asset management.

“The best thing is to kill off the black swan in the egg,” stated Antoni. “Otherwise the rail sector will have to tackle vendor lock-in, obsolescence [shortage of track elements] and cyber attacks. There must always be a system to fall back on, and the security must be fully comprehensive.”

Prevent rail accidents

So the rail sector has to define what is not acceptable. “We must ensure that things that cannot be accepted, such as gaps in internet security, are excluded at the design stage. Black boxes are also unacceptable.” By doing this, asserted Antoni, accidents on the track can be prevented. “If we do not think about the future it will be costly, not only in monetary terms, but possibly also in people’s lives.”

Asset managers need to “be responsible for performance on the track, internet security, operations and the costs of track maintenance,” to ensure that the rail systems are constructed in a modular way. This makes it possible to correctly establish the extent of wear and tear, in order to improve track maintenance and to ensure that all interfaces from the diverse rail systems are integrated with one another.

If the rail systems are already constructed and tested in a modular way prior to introduction, it is easier to install and test these systems, concluded Antoni.

You just read one of our premium articles free of charge

Want full access? Take advantage of our exclusive offer

See the offer

Author: Marieke van Gompel

Marieke van Gompel is editor of RailFreight.com and chief editor of the ProMedia Group online magazines.

Add your comment

characters remaining.

Log in through one of the following social media partners to comment.